
Podman Desktop CVE-2026-34045

EUVD: EUVD-2026-19943 · CRITICAL
Error Message Information Leak (CWE-209)
Published 2026-04-07 · Source: security-advisories@github.com
CVSS 3.1 (NVD): 9.1

Severity by source

NVD (primary): 9.1 CRITICAL
CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

vuln.today AI: 8.2 HIGH
Rationale: Unauthenticated network listener (AV:N/AC:L/PR:N/UI:N); availability is high (host freeze) but disclosure is limited to paths/usernames, so C:L rather than C:H.
CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
CVSS 4.0: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

Red Hat: 8.2 HIGH (qualitative)

Primary rating from NVD.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: High

Lifecycle Timeline (13 events)

Analysis Updated, Jun 30, 2026 - 03:52, vuln.today: v5 (patch_released)
Analysis Updated, Jun 30, 2026 - 03:49, vuln.today: v4 (patch_released)
Analysis Updated, Jun 30, 2026 - 03:48, vuln.today: v3 (patch_released)
Analysis Updated, Jun 30, 2026 - 03:48, vuln.today: v2 (patch_released)
Severity Changed, Jun 30, 2026 - 03:24, NVD: HIGH -> CRITICAL
CVSS changed, Jun 30, 2026 - 03:24, NVD: 8.2 (HIGH) -> 9.1 (CRITICAL)
Analysis Updated, Apr 16, 2026 - 06:02, EUVD-patch-fix: executive_summary
Re-analysis Queued, Apr 16, 2026 - 05:29, backfill_euvd_patch: patch_released
Patch available, Apr 16, 2026 - 05:29, EUVD: 1.26.2
Re-analysis Queued, Apr 15, 2026 - 23:37, vuln.today: cvss_changed
EUVD ID Assigned, Apr 07, 2026 - 21:22, euvd: EUVD-2026-19943
Analysis Generated, Apr 07, 2026 - 21:22, vuln.today
CVE Published, Apr 07, 2026 - 21:17, nvd: HIGH 8.2

Description (NVD)

Podman Desktop is a graphical tool for developing on containers and Kubernetes. Prior to 1.26.2, an unauthenticated HTTP server exposed by Podman Desktop allows any network attacker to remotely trigger denial-of-service conditions and extract sensitive information. By abusing missing connection limits and timeouts, an attacker can exhaust file descriptors and kernel memory, leading to application crash or full host freeze. Additionally, verbose error responses disclose internal paths and system details (including usernames on Windows), aiding further exploitation. The issue requires no authentication or user interaction and is exploitable over the network. This vulnerability is fixed in 1.26.2.

Analysis (AI)

Denial-of-service and information disclosure in Podman Desktop prior to 1.26.2 stem from an unauthenticated HTTP server that any network attacker can reach without credentials or user interaction. By abusing missing connection limits and timeouts, an attacker exhausts file descriptors and kernel memory to crash the application or freeze the entire host, while verbose error responses leak internal filesystem paths and system details (including Windows usernames). …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata:

Access: Identify reachable Podman Desktop HTTP server
Delivery: Open unlimited untimed connections
Exploit: Exhaust file descriptors and kernel memory
Execution: Crash app or freeze host
Persist: Read verbose error responses
Impact: Harvest internal paths and Windows usernames

Vulnerability Assessment (AI)

Exploitation: Requires network reachability to the unauthenticated HTTP server that Podman Desktop (versions < 1.26.2) exposes; the attacker must be able to route TCP connections to that listener's port on the victim host. …
Risk Assessment: Signals conflict and should be weighed carefully. …
Exploit Scenario: An attacker on the same network as a developer running a vulnerable Podman Desktop instance connects to its unauthenticated HTTP server and opens a flood of connections with no timeout, exhausting file descriptors and kernel memory until the application crashes or the entire host freezes. In parallel, the attacker sends malformed requests to harvest verbose error messages that disclose internal filesystem paths and, on Windows, the logged-in username, aiding follow-on attacks. …
Remediation: Upgrade to Podman Desktop 1.26.2 or later, which fixes the issue (vendor-released patch: 1.26.2). …

Recommended Action (AI)

  • 24 hours: Identify all Podman Desktop installations and assess network accessibility.
  • 7 days: Upgrade all instances to Podman Desktop 1.26.2.
  • 30 days: Validate patch deployment across all systems and monitor security logs for exploitation attempts.




CVE-2026-34045 vulnerability details – vuln.today
